Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2020-12-24FireEyeStephen Eckels, Jay Smith, William Ballenthin
@online{eckels:20201224:sunburst:3fcb239, author = {Stephen Eckels and Jay Smith and William Ballenthin}, title = {{SUNBURST Additional Technical Details}}, date = {2020-12-24}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2020/12/sunburst-additional-technical-details.html}, language = {English}, urldate = {2020-12-26} } SUNBURST Additional Technical Details
SUNBURST
2020-12-17FireEyeKelli Vanderlee
@online{vanderlee:20201217:debuncing:18468be, author = {Kelli Vanderlee}, title = {{DebUNCing Attribution: How Mandiant Tracks Uncategorized Threat Actors}}, date = {2020-12-17}, organization = {FireEye}, url = {https://www.fireeye.com/blog/products-and-services/2020/12/how-mandiant-tracks-uncategorized-threat-actors.html}, language = {English}, urldate = {2020-12-19} } DebUNCing Attribution: How Mandiant Tracks Uncategorized Threat Actors
2020-12-16Twitter (@FireEye)FireEye
@online{fireeye:20201216:sunburst:310ef08, author = {FireEye}, title = {{Tweet on SUNBURST from FireEye detailing some additional information}}, date = {2020-12-16}, organization = {Twitter (@FireEye)}, url = {https://twitter.com/FireEye/status/1339295983583244302}, language = {English}, urldate = {2020-12-17} } Tweet on SUNBURST from FireEye detailing some additional information
SUNBURST
2020-12-16Bleeping ComputerLawrence Abrams
@online{abrams:20201216:fireeye:d24dc6f, author = {Lawrence Abrams}, title = {{FireEye, Microsoft create kill switch for SolarWinds backdoor}}, date = {2020-12-16}, organization = {Bleeping Computer}, url = {https://www.bleepingcomputer.com/news/security/fireeye-microsoft-create-kill-switch-for-solarwinds-backdoor/}, language = {English}, urldate = {2020-12-17} } FireEye, Microsoft create kill switch for SolarWinds backdoor
SUNBURST
2020-12-15InfoSec Handlers Diary BlogDidier Stevens
@online{stevens:20201215:analyzing:1aa1e8b, author = {Didier Stevens}, title = {{Analyzing FireEye Maldocs}}, date = {2020-12-15}, organization = {InfoSec Handlers Diary Blog}, url = {https://isc.sans.edu/diary/26882}, language = {English}, urldate = {2020-12-15} } Analyzing FireEye Maldocs
2020-12-14Olaf Hartong
@online{hartong:20201214:fireeye:d7c17f5, author = {Olaf Hartong}, title = {{FireEye Sunburst KQL Detections}}, date = {2020-12-14}, url = {https://gist.github.com/olafhartong/71ffdd4cab4b6acd5cbcd1a0691ff82f}, language = {English}, urldate = {2020-12-15} } FireEye Sunburst KQL Detections
SUNBURST
2020-12-13FireEyeKevin Mandia
@online{mandia:20201213:global:fe25276, author = {Kevin Mandia}, title = {{Global Intrusion Campaign Leverages Software Supply Chain Compromise}}, date = {2020-12-13}, organization = {FireEye}, url = {https://www.fireeye.com/blog/products-and-services/2020/12/global-intrusion-campaign-leverages-software-supply-chain-compromise.html}, language = {English}, urldate = {2020-12-15} } Global Intrusion Campaign Leverages Software Supply Chain Compromise
2020-12-13Github (fireeye)FireEye
@online{fireeye:20201213:sunburst:04e594f, author = {FireEye}, title = {{SUNBURST Countermeasures}}, date = {2020-12-13}, organization = {Github (fireeye)}, url = {https://github.com/fireeye/sunburst_countermeasures}, language = {English}, urldate = {2020-12-19} } SUNBURST Countermeasures
SUNBURST SUPERNOVA TEARDROP UNC2452
2020-12-13FireEyeAndrew Archer, Doug Bienstock, Chris DiGiamo, Glenn Edwards, Nick Hornick, Alex Pennino, Andrew Rector, Scott Runnels, Eric Scales, Nalani Fraiser, Sarah Jones, John Hultquist, Ben Read, Jon Leathery, Fred House, Dileep Jallepalli, Michael Sikorski, Stephen Eckels, William Ballenthin, Jay Smith, Alex Berry, Nick Richard, Isif Ibrahima, Dan Perez, Marcin Siedlarz, Ben Withnell, Barry Vengerik, Nicole Oppenheim, Ian Ahl, Andrew Thompson, Matt Dunwoody, Evan Reese, Steve Miller, Alyssa Rahman, John Gorman, Lennard Galang, Steve Stone, Nick Bennett, Matthew McWhirt, Mike Burns, Omer Baig, Nick Carr, Christopher Glyer, Ramin Nafisi, Microsoft
@online{archer:20201213:highly:9fe1728, author = {Andrew Archer and Doug Bienstock and Chris DiGiamo and Glenn Edwards and Nick Hornick and Alex Pennino and Andrew Rector and Scott Runnels and Eric Scales and Nalani Fraiser and Sarah Jones and John Hultquist and Ben Read and Jon Leathery and Fred House and Dileep Jallepalli and Michael Sikorski and Stephen Eckels and William Ballenthin and Jay Smith and Alex Berry and Nick Richard and Isif Ibrahima and Dan Perez and Marcin Siedlarz and Ben Withnell and Barry Vengerik and Nicole Oppenheim and Ian Ahl and Andrew Thompson and Matt Dunwoody and Evan Reese and Steve Miller and Alyssa Rahman and John Gorman and Lennard Galang and Steve Stone and Nick Bennett and Matthew McWhirt and Mike Burns and Omer Baig and Nick Carr and Christopher Glyer and Ramin Nafisi and Microsoft}, title = {{Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor}}, date = {2020-12-13}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html}, language = {English}, urldate = {2020-12-19} } Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor
SUNBURST SUPERNOVA TEARDROP UNC2452
2020-12-10PICUS SecuritySüleyman Özarslan
@online{zarslan:20201210:tactics:0cd686a, author = {Süleyman Özarslan}, title = {{Tactics, Techniques and Procedures (TTPs) Utilized by FireEye’s Red Team Tools}}, date = {2020-12-10}, organization = {PICUS Security}, url = {https://www.picussecurity.com/resource/blog/techniques-tactics-procedures-utilized-by-fireeye-red-team-tools}, language = {English}, urldate = {2020-12-11} } Tactics, Techniques and Procedures (TTPs) Utilized by FireEye’s Red Team Tools
2020-12-10Palo Alto Networks Unit 42Unit42
@online{unit42:20201210:threat:6ac31af, author = {Unit42}, title = {{Threat Brief: FireEye Red Team Tool Breach}}, date = {2020-12-10}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/fireeye-red-team-tool-breach/}, language = {English}, urldate = {2020-12-15} } Threat Brief: FireEye Red Team Tool Breach
Cobalt Strike
2020-12-09Github (fireeye)FireEye
@online{fireeye:20201209:fireeye:36cafd8, author = {FireEye}, title = {{Fireeye RED TEAM tool countermeasures}}, date = {2020-12-09}, organization = {Github (fireeye)}, url = {https://github.com/fireeye/red_team_tool_countermeasures}, language = {English}, urldate = {2020-12-14} } Fireeye RED TEAM tool countermeasures
2020-12-09FireEyeMitchell Clarke, Tom Hall
@techreport{clarke:20201209:its:c312acc, author = {Mitchell Clarke and Tom Hall}, title = {{It's not FINished The Evolving Maturity in Ransomware Operations (SLIDES)}}, date = {2020-12-09}, institution = {FireEye}, url = {https://i.blackhat.com/eu-20/Wednesday/eu-20-Clarke-Its-Not-FINished-The-Evolving-Maturity-In-Ransomware-Operations-wp.pdf}, language = {English}, urldate = {2020-12-15} } It's not FINished The Evolving Maturity in Ransomware Operations (SLIDES)
Cobalt Strike DoppelPaymer QakBot REvil
2020-12-08FireEyeKevin Mandia
@online{mandia:20201208:fireeye:6def127, author = {Kevin Mandia}, title = {{FireEye Shares Details of Recent Cyber Attack, Actions to Protect Community}}, date = {2020-12-08}, organization = {FireEye}, url = {https://www.fireeye.com/blog/products-and-services/2020/12/fireeye-shares-details-of-recent-cyber-attack-actions-to-protect-community.html}, language = {English}, urldate = {2020-12-09} } FireEye Shares Details of Recent Cyber Attack, Actions to Protect Community
2020-12-08FireEyeFireEye
@online{fireeye:20201208:unauthorized:c480412, author = {FireEye}, title = {{Unauthorized Access of FireEye Red Team Tools}}, date = {2020-12-08}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2020/12/unauthorized-access-of-fireeye-red-team-tools.html}, language = {English}, urldate = {2020-12-15} } Unauthorized Access of FireEye Red Team Tools
2020-12-01FireEyeJames T. Bennett
@online{bennett:20201201:using:d19f4ce, author = {James T. Bennett}, title = {{Using Speakeasy Emulation Framework Programmatically to Unpack Malware}}, date = {2020-12-01}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2020/12/using-speakeasy-emulation-framework-programmatically-to-unpack-malware.html}, language = {English}, urldate = {2020-12-15} } Using Speakeasy Emulation Framework Programmatically to Unpack Malware
2020-11-30FireEyeMitchell Clarke, Tom Hall
@techreport{clarke:20201130:its:1b6b681, author = {Mitchell Clarke and Tom Hall}, title = {{It's not FINished The Evolving Maturity in Ransomware Operations}}, date = {2020-11-30}, institution = {FireEye}, url = {https://i.blackhat.com/eu-20/Wednesday/eu-20-Clarke-Its-Not-FINished-The-Evolving-Maturity-In-Ransomware-Operations.pdf}, language = {English}, urldate = {2020-12-14} } It's not FINished The Evolving Maturity in Ransomware Operations
Cobalt Strike DoppelPaymer MimiKatz QakBot REvil
2020-11-22FireEyeYihao Lim
@online{lim:20201122:election:c851b74, author = {Yihao Lim}, title = {{Election Cyber Threats in the Asia-Pacific Region}}, date = {2020-11-22}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2020/11/election-cyber-threats-in-the-asia-pacific-region.html}, language = {English}, urldate = {2020-11-23} } Election Cyber Threats in the Asia-Pacific Region
2020-11-19FireEyeAndrew Oliveau, Alyssa Rahman, Brett Hawkins
@online{oliveau:20201119:purgalicious:08e1df3, author = {Andrew Oliveau and Alyssa Rahman and Brett Hawkins}, title = {{Purgalicious VBA: Macro Obfuscation With VBA Purging}}, date = {2020-11-19}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2020/11/purgalicious-vba-macro-obfuscation-with-vba-purging.html}, language = {English}, urldate = {2020-11-23} } Purgalicious VBA: Macro Obfuscation With VBA Purging
2020-11-12BrightTALK (FireEye)Justin Moore, Jacob Thompson
@online{moore:20201112:living:a1593bb, author = {Justin Moore and Jacob Thompson}, title = {{Living Off The Land on a Private Island: An Overview of UNC1945}}, date = {2020-11-12}, organization = {BrightTALK (FireEye)}, url = {https://www.brighttalk.com/webcast/7451/451508}, language = {English}, urldate = {2020-12-15} } Living Off The Land on a Private Island: An Overview of UNC1945